有检测普通密码并防止用户设置密码的功能吗? [英] A function to detect common passwords and prevent user from setting it?

问题描述

我正在研究用户密码的安全性，对我来说，重要的事情之一是当在最常见的密码列表中找到密码时，强制用户重新输入密码.

I'm working on user passwords security and one of the important things for me is to force the user to reenter a password when the password is found in most common passwords list.

做到这一点的最佳方法是什么?

What would be the best way to do this?

推荐答案

这要视情况而定.您可以使用常用密码创建文本文件，然后检查用户输入的密码是否在此列表中.

It depends. You can create a text-file with common passwords and check if the password a user entert is in this list.

一个很大的缺点是该文件将非常大，几乎不可能以这种方式覆盖所有常用密码.

One big drawback is that this file would be very large and it is nearly impossible to cover all common passwords this way.

因此，我建议编写一个函数来检查用户输入中是否有不同的禁止短语.例如如果您知道用户的真实姓名，我将禁止将其作为密码的一部分.另外，您可以强制用户输入最少数量的字符以及一些特殊字符或数字.

So I would recommend to write a function which checks the user input for different forbidden phrases. For e.g. if you know the real names of the users I would forbid to take them as a part of a password. In addition you can force the user to enter a minimum amount of characters as well as some special characters or numbers.

这篇关于有检测普通密码并防止用户设置密码的功能吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！